Commit a2f56a59 by mmorenog Committed by GitHub

Update APT_Cloudduke.yar

parent edc73485
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/ */
rule CloudDuke_Malware { rule CloudDuke_Malware : APT CloudDuke {
meta: meta:
description = "Detects CloudDuke Malware" description = "Detects CloudDuke Malware"
author = "Florian Roth" author = "Florian Roth"
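Review bot: the tags added on the rule line (`rule CloudDuke_Malware : APT CloudDuke {`) use the casing `CloudDuke`, while the file being updated is named APT_Cloudduke.yar. YARA tags are case-sensitive identifiers, so anyone selecting rules by tag (for example with `yara -t`) has to match this exact spelling. Please confirm the casing follows the tag convention used elsewhere in the ruleset, and say in the commit message that the change adds tags, since "Update APT_Cloudduke.yar" does not describe it.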
...@@ -40,7 +40,7 @@ rule CloudDuke_Malware { ...@@ -40,7 +40,7 @@ rule CloudDuke_Malware {
/* Super Rules ------------------------------------------------------------- */ /* Super Rules ------------------------------------------------------------- */
rule SFXRAR_Acrotray { rule SFXRAR_Acrotray : APT CloudDuke {
meta: meta:
description = "Most likely a malicious file acrotray in SFX RAR / CloudDuke APT 5442.1.exe, 5442.2.exe" description = "Most likely a malicious file acrotray in SFX RAR / CloudDuke APT 5442.1.exe, 5442.2.exe"
author = "Florian Roth" author = "Florian Roth"
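Review bot: `SFXRAR_Acrotray` gets the same `APT CloudDuke` tags as `CloudDuke_Malware`, but its description is hedged ("Most likely a malicious file acrotray in SFX RAR"), so any tag-based selection will treat a lower-confidence match the same as the main family rule. Consider recording the confidence in `meta:` or adding a distinguishing tag so triage can tell the two apart. Tags do not change the match condition, so the impact is limited to filtering and reporting.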
......